Bug#778266: marked as done (libarchive: Directory traversal)

[Debian Bug Tracking System]

Your message dated Sat, 07 Mar 2015 15:36:44 +0000
with message-id <e1yugms-00042d...@franck.debian.org>
and subject line Bug#778266: fixed in libarchive 2.8.4.forreal-1+squeeze3
has caused the Debian Bug report #778266,
regarding libarchive: Directory traversal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
778266: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778266
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libarchive
Severity: grave
Tags: security

Hi,
please see http://www.openwall.com/lists/oss-security/2015/01/16/7
for details.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: libarchive
Source-Version: 2.8.4.forreal-1+squeeze3

We believe that the bug you reported is fixed in the latest version of
libarchive, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated libarchive package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Mar 2015 14:40:58 -0600
Source: libarchive
Binary: libarchive-dev libarchive1 bsdtar bsdcpio
Architecture: source i386
Version: 2.8.4.forreal-1+squeeze3
Distribution: squeeze-lts
Urgency: high
Maintainer: Andreas Henriksson <andr...@fatal.se>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description: 
 bsdcpio    - cpio(1) from FreeBSD, using libarchive
 bsdtar     - tar(1) from FreeBSD, using libarchive
 libarchive-dev - Single library to read/write tar, cpio, pax, zip, iso9660, 
etc.
 libarchive1 - Single library to read/write tar, cpio, pax, zip, iso9660, etc.
Closes: 778266
Changes: 
 libarchive (2.8.4.forreal-1+squeeze3) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team
   * Fix directory traversal vulnerability in bsdcpio (Closes: #778266)
Checksums-Sha1: 
 a25d875e64a81eeba878167057e05003a44bcee0 2197 
libarchive_2.8.4.forreal-1+squeeze3.dsc
 b9cc3bbd20bd71f996be9ec738f19fda8653f7af 1502828 
libarchive_2.8.4.forreal.orig.tar.gz
 27247bdbc72a797f1e62134aa5e9858b6627db1f 17744 
libarchive_2.8.4.forreal-1+squeeze3.debian.tar.gz
 46e3882d16b55100622c645dc5ce228c70e00e12 195712 
libarchive-dev_2.8.4.forreal-1+squeeze3_i386.deb
 c19edc6afd3c58ca56815a2761a3e94231cda6cc 152894 
libarchive1_2.8.4.forreal-1+squeeze3_i386.deb
 a2942bd4cdf73377c2c376424119341a0d305f12 52866 
bsdtar_2.8.4.forreal-1+squeeze3_i386.deb
 703e96159f1d565092054888e0d471eaf0da84c8 34850 
bsdcpio_2.8.4.forreal-1+squeeze3_i386.deb
Checksums-Sha256: 
 e5bef11f37f37a43a746fbad19694dee924e2ae07469e86e08a98946f5ff4d15 2197 
libarchive_2.8.4.forreal-1+squeeze3.dsc
 86cffa3eaa28d3116f5d0b20284026c3762cf4a2b52b9844df2b494d4a89f688 1502828 
libarchive_2.8.4.forreal.orig.tar.gz
 ba0288d5f7cc4b914ac1f8a138b1a815a9c7bd88f19394c00dc8ea8afe84c64a 17744 
libarchive_2.8.4.forreal-1+squeeze3.debian.tar.gz
 985d5c3bbd731bd65ef4a4615696fee4fed97c696c616b22d40bc76737605c73 195712 
libarchive-dev_2.8.4.forreal-1+squeeze3_i386.deb
 e975ee4667954eae2c390b464d60c94eec81d180e0784d5147c64fc0923b32b5 152894 
libarchive1_2.8.4.forreal-1+squeeze3_i386.deb
 cd1eee8173fda4ed312cc244a5b3c6554c1eda9edc30f1aa762fe80b3dcd7f30 52866 
bsdtar_2.8.4.forreal-1+squeeze3_i386.deb
 1df7c34d95224a53023022800c3ef5a9761264a602880e354370855f31e262e2 34850 
bsdcpio_2.8.4.forreal-1+squeeze3_i386.deb
Files: 
 0c07de6c05838af4a7ce1481835a56b4 2197 libs optional 
libarchive_2.8.4.forreal-1+squeeze3.dsc
 83b237a542f27969a8d68ac217dc3796 1502828 libs optional 
libarchive_2.8.4.forreal.orig.tar.gz
 1f8b89cc296274c54c4eb5dec49659a0 17744 libs optional 
libarchive_2.8.4.forreal-1+squeeze3.debian.tar.gz
 a35d992f0f353a9d430565b761d447a7 195712 libdevel optional 
libarchive-dev_2.8.4.forreal-1+squeeze3_i386.deb
 c5c73376d916797a3eea47bb5cea0d6d 152894 libs optional 
libarchive1_2.8.4.forreal-1+squeeze3_i386.deb
 436673d67171e3d1d37c43ef6ec36086 52866 utils optional 
bsdtar_2.8.4.forreal-1+squeeze3_i386.deb
 c13782f7fbfd9d193e3860e1a6267a04 34850 utils optional 
bsdcpio_2.8.4.forreal-1+squeeze3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJU+w0wXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH+ngP/iwtoxDDlT/QEQXYXgsf2eoa
xps0ZEuhAdQZ8qgzazvMVUgCfgQsgPflolsRVepA13o4cKrJee6Uf1kxeVu1cMen
bQEpk9saRQ+Q3i1EpAhnQY52V5Ur7RmPJi3egR3FxdmS3ImSKs5hBmUII47p5iri
/D6Ahh3AEtlW6tzy3gzC6DpE6z02L4sASiAcT7POsr0r5Cqk7gpI/vhw1piZiKgb
i1SorC4iL3NZZGtZqXvtHEXUBqHDZzk6gFw06zHwIjY1PY+LfvjRb6ySk4KGiw7z
jLXCgTRsHKyEqJgt0BFnW2/VgXLe1dgkTvS6K2GVlOkOjPCCnNVBUKJ9bvimtSU1
yPS3MbuvsIEzXYKedzNWPssyV5NRs0MX6o8rEoVG8hJslaL2C0Ec4BoJ6yBvH2Mu
MgULsJI8A+3QXag1c5UqwmD6wN87wpUmwJN2cUR1X3FLrgoBVauull09duR/2LAs
3voFISMgGd+rVtLGMt/duwtJn2ZLHmb7HvMWrsQS8jhRUhdvXPd+I3PyHCi5du2s
sbXl6fIuc4fFgy0fzwcEy5gLINwQg3/szXT4399M+d+4/jGEXne8qCHSUhHfhF3+
pjFt7hjHB0Hwcvj99n2/QhwfXwD7/6BkIUWwX8200k55ZeFwWmlYAGxPNBRQEcsp
MKyzEfpp/Bge1yE9yPlv
=htgl
-----END PGP SIGNATURE-----

--- End Message ---